----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59701/ -----------------------------------------------------------
(Updated June 23, 2017, 12:44 p.m.) Review request for Ambari, Alejandro Fernandez, Gautam Borad, Madhan Neethiraj, Mugdha Varadkar, Nixon Rodrigues, Robert Levas, and Sumit Mohanty. Changes ------- Patch for branch-2.5 is attached to Apache JIRA Bugs: AMBARI-21154 https://issues.apache.org/jira/browse/AMBARI-21154 Repository: ambari Description (updated) ------- In a kerberized environment, Atlas hook uses JAAS configuration section named "KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment this configuration section is set to use the keytab and principal of HiveServer2 process. The hook running in HiveCLI might fail to authenticate with Kafka if the user can't read the configured keytab. Given that HiveCLI users would have performed kinit, the hook in HiveCLI should use the ticket-cache generated by kinit. When ticket cache is not available (for example in HiveServer2), the hook should use the configuration provided in KafkaClient JAAS section As a solution need to add below in hive atlas-application.properties by default if atlas-hive hook is enabled in secure mode atlas.jaas.ticketBased-KafkaClient.loginModuleControlFlag=required atlas.jaas.ticketBased-KafkaClient.loginModuleName=com.sun.security.auth.module.Krb5LoginModule atlas.jaas.ticketBased-KafkaClient.option.useTicketCache=true The attached patch is for trunk branch, patch for branch-2.5 is attached to Apache Jira Diffs ----- ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/service_advisor.py 6d3e13d ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml a29f74b ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml 8c659ee ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml 3054ca3 ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py f8bbca5 ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml 1cbd78b ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml ede267a ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml b70943b ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py d4d28c9 Diff: https://reviews.apache.org/r/59701/diff/2/ Testing ------- Verified fresh install and upgrade on Cent-OS-6. Thanks, Vishal Suvagia